11-07-2020 11:02 PM - edited 11-07-2020 11:06 PM
Hi All,
Create a privilege 7 user and added these permissions
privilege exec level 7 terminal length 0
privilege exec level 7 show running-config
privilege exec level 7 show startup-config
when running Show running-config there is not much output but getting the full output for show startup-config
how can i give get a full output for show running-config
thanks in advance
11-08-2020 12:11 AM
- Check if this document can help you :
M.
11-08-2020 01:27 AM
thank you, really helped
but if I give configure terminal access to level 7, the user can modify the configurations
is there are way to give read only permission
11-08-2020 02:21 AM
I replied other thread, you ca try below :
Since you do not provide the device information or IOS - high level you can do as below
username bbandi privilege 5 secret 5 YYYYYYYYYYYYYYYYYYY
privilege exec level 5 show running-config view full
privilege exec level 5 show running-config view
privilege exec level 5 show running-config
privilege exec level 5 show
11-08-2020 09:34 PM
thank you, device is a switch and i have different models
i tried the commands but still it does not give the full output
SW01#show running-config
Building configuration...
Current configuration : 192 bytes
!
! Last configuration change at 05:20:54 UTC Mon Nov 9 2020 by admin
! NVRAM config last updated at 07:56:01 UTC Sun Oct 18 2020 by admin
!
boot-start-marker
boot-end-marker
!
!
!
!
!
!
end
11-09-2020 12:12 AM
you need to tell us what is that device and IOS so we can suggest better. - that is an example will help to understand the syntax
11-09-2020 12:20 AM
i have ws-c2960L-48ps-LL with c2960l-universalk9-mz.152-6.E
11-09-2020 02:19 AM
Try below : (still not working - post complete config to look)
privilege exec all level 5 show running-config
11-09-2020 04:57 AM - edited 11-09-2020 05:08 AM
thank you, please find configurations, i have removed some due to security purposes
Using 7927 out of 524288 bytes
!
! Last configuration change at 07:55:54 UTC Sun Oct 18 2020 by admin
! NVRAM config last updated at 07:56:01 UTC Sun Oct 18 2020 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW04
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
interface GigabitEthernet0/1
switchport access vlan 15
switchport mode access
spanning-tree portfast edge
!
interface Vlan1
no ip address
shutdown
!
interface Vlan15
description dtp VLAN
ip address
!
ip http server
ip http secure-server
ip ssh version 2
!
!
!
snmp-server community rww RO
snmp-server enable traps snmp authentication
snmp-server host rww snmp
no vstack
!
line con 0
line vty 0 4
login local
line vty 5 15
login
!
end
11-09-2020 09:05 AM
i do not see real config for the user config and other to verify - the one you provided do not have any clue.
11-09-2020 08:41 PM
could you provide me the command to get the configuration that you are looking for
11-10-2020 12:12 AM
show run (with out modifying it and you can remove any password) but i do not see any AAA or username.
11-10-2020 12:37 AM
please find below
SW04#show running-config
Building configuration...
Current configuration : 9221 bytes
!
! Last configuration change at 07:55:54 UTC Sun Oct 18 2020 by admin
! NVRAM config last updated at 07:56:01 UTC Sun Oct 18 2020 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW04
!
boot-start-marker
boot-end-marker
!
!
username xxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
no aaa new-model
!
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
interface GigabitEthernet0/1
switchport access vlan 15
switchport mode access
spanning-tree portfast edge
!
interface Vlan1
no ip address
shutdown
!
interface Vlan15
description Data VLAN
ip address xx.xx.xx.xx xxx.xxxx.xxxx.xx
!
ip http server
ip http secure-server
ip ssh version 2
!
!
!
snmp-server community yyyy RO
snmp-server enable traps snmp authentication
snmp-server host xx.xx.xx.xx yyyy snmp
no vstack
!
line con 0
line vty 0 4
login local
line vty 5 15
login
!
end
11-10-2020 02:01 AM
Sorry am i missing something here -- you do not have any config we suggested. your aaa also not configured.
as per my understanding of high level configuration you looking to user to have only show run to take backup is this correct. ?
11-10-2020 02:34 AM - edited 11-10-2020 04:49 AM
sorry, i missed some while copying
I enabled the AAA with below commands and it worked, but I am worried i may loos access or permission
aaa new-model
aaa authentication login default local
aaa authorization exec default local
SW04#show running-config
Building configuration...
Current configuration : 9221 bytes
!
! Last configuration change at 07:55:54 UTC Sun Oct 18 2020 by admin
! NVRAM config last updated at 07:56:01 UTC Sun Oct 18 2020 by admin
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW04
!
boot-start-marker
boot-end-marker
!
enable secret 4 uuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu
!
username xxxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
username tttttt privilege 7 secret 5 ttttttttttttttttttttttt
username wwwwwww privilege 5 secret 5 qqqqqqqqqqqqqqqqqqqqqqqqqqq
no aaa new-model
!
!
!
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
interface GigabitEthernet0/1
switchport access vlan 15
switchport mode access
spanning-tree portfast edge
!
interface Vlan1
no ip address
shutdown
!
interface Vlan15
description Data VLAN
ip address xx.xx.xx.xx xxx.xxxx.xxxx.xx
!
ip http server
ip http secure-server
ip ssh version 2
!
!
!
snmp-server community yyyy RO
snmp-server enable traps snmp authentication
snmp-server host xx.xx.xx.xx yyyy snmp
no vstack
privilege exec level 7 copy running-config
privilege exec level 7 copy
privilege exec level 7 crypto
privilege exec level 7 configure terminal
privilege exec level 7 configure
privilege exec level 7 terminal length
privilege exec level 7 terminal
privilege exec level 7 show crypto
privilege exec level 5 show startup-config
privilege exec level 5 show running-config view full
privilege exec level 5 show running-config view
privilege exec all level 7 show running-config
privilege exec level 7 show configuration
privilege exec level 7 show
!
line con 0
line vty 0 4
login local
line vty 5 15
login
!
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide